28 lines
1.3 KiB
Diff
28 lines
1.3 KiB
Diff
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
|
|
index 75a1677022..43c1900bca 100644
|
|
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
|
|
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
|
|
@@ -98,8 +98,9 @@ B<trust>.
|
|
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
|
|
B<t>. Normally the current time is used.
|
|
|
|
-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
|
|
-by default) and adds B<policy> to the acceptable policy set.
|
|
+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
|
|
+Contrary to preexisting documentation of this function it does not enable
|
|
+policy checking.
|
|
|
|
X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
|
|
by default) and sets the acceptable policy set to B<policies>. Any existing
|
|
@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
|
|
The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
|
|
and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
|
|
|
|
+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
|
|
+enabling policy checking however the implementation has never done this.
|
|
+The documentation was changed to align with the implementation.
|
|
+
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
|